How to make a Debian domain controller

Written by Mark Pool


A domain controller is the server on a Windows network that authenticates user names and passwords: instead of each workstation keeping its own account database, the accounts live on the domain controller. Debian GNU/Linux can provide the same service with Samba, an open-source implementation of the Server Message Block (SMB) protocol that underlies Windows networking. In this setup Samba keeps its accounts in an LDAP directory (OpenLDAP), and that directory is what authenticates Windows users on the domain. The result is a classic NT4-style primary domain controller, not an Active Directory domain controller; Windows clients join it as they would an NT domain.

Skill level:

Moderate


Instructions

1

Open a terminal window, type "su" and press "Enter" to become the "root" user. Don't type the quotes around commands unless told otherwise.

2

Type the following command, then press "Enter" to install the OpenLDAP server:

aptitude install slapd

slapd is the directory server that will hold the user, group and machine accounts Samba authenticates against. Debian's installer prompts for the LDAP administrator password; keep it, because later steps use it. The base DN (the "domain" part of the directory) is set from the machine's DNS domain name during the same installation; "dpkg-reconfigure slapd" lets you set it explicitly.

3

Type the following command, then press "Enter" to install the LDAP administration interface:

aptitude install apache-ssl phpldapadmin

This installs the SSL-enabled Apache web server and phpLDAPadmin, a web front end for editing the directory. During installation you are prompted for the details that go into the self-signed SSL certificate: country, state, city, organisation or domain name, OU (organisational unit or department), host name of the computer and contact e-mail. Because the certificate is self-signed, browsers warn about it on first connection. The apache-ssl package has since been removed from Debian; on current releases install apache2 and enable its ssl module with "a2enmod ssl" instead. Either way, keep phpLDAPadmin reachable only from administrative hosts: anyone who reaches it and guesses the administrator password controls every account in the domain.

4

Type the following three commands to install mkntpwd, pressing "Enter" after each line:

5

Install the Samba package itself:

This is the package that presents the server to the network as a Windows server and speaks the SMB protocol used in the domain. Step 6 also relies on the samba-doc package, which carries the example LDAP schema.

6

Type the following command, then press "Enter" to install the Samba LDAP schema:

zcat /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz > /etc/ldap/schema/samba.schema

This copies the schema shipped with samba-doc into slapd's schema directory (zcat leaves the packaged .gz file untouched, whereas gunzip would modify the documentation directory in place).

7

Type the following command, then press "Enter" to open the LDAP server configuration file:

emacs /etc/ldap/slapd.conf

You can change "emacs" to a different text editor if you prefer. Newer Debian releases configure slapd through the cn=config directory under /etc/ldap/slapd.d instead of slapd.conf; this article assumes the slapd.conf layout.

8

Find the lines that start with "include", then add the following line after them:

include /etc/ldap/schema/samba.schema

This loads the Samba schema, which defines the attributes and object classes (sambaSamAccount, sambaGroupMapping, sambaDomain and so on) in which Samba stores Windows accounts, including the LM and NT password hashes. Those hashes are as sensitive as the passwords themselves, so make sure the "access to" rules in this file restrict the sambaLMPassword and sambaNTPassword attributes the way Debian's default rule restricts userPassword; otherwise they fall under the catch-all read rule.

9

Press "Ctrl" and "x", release the keys, then press "Ctrl" and "c". Press "y" when asked whether to save the file before exiting.

10

Type the following command, then press "Enter" to restart the LDAP server:

/etc/init.d/slapd restart

Running "slaptest" first confirms that slapd.conf still parses; a typo in the include line would otherwise stop slapd from coming back up.
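The following script is an added example, not part of the original article. It checks a slapd.conf for the schema include from step 8 and for an ACL that keeps the Samba password hashes private, and prints the ACL to add when it is missing. The admin DN and the sample configuration are assumptions; the sample mirrors Debian's default ACLs (which restrict only userPassword) plus the new include line.

```shell
#!/bin/sh
# Added example (not from the original article). Once samba.schema is loaded, Samba
# stores each user's LM/NT hashes in sambaLMPassword/sambaNTPassword. Debian's stock
# slapd.conf only restricts userPassword, so those attributes fall under the
# "access to * ... by * read" rule, and an NT hash alone is enough for a
# pass-the-hash logon. Paths are Debian defaults; the admin DN is an assumption.

ADMIN_DN="cn=admin,dc=mydomain,dc=com"   # assumed; use the DN created when slapd was installed
SAMBA_SCHEMA="/etc/ldap/schema/samba.schema"

# Print the ACL clause to paste into slapd.conf. It must come BEFORE the generic
# "access to *" clause, because slapd applies the first "access to" whose target
# matches. Samba writes the hashes via "ldap admin dn", so nobody else needs access.
hash_acl() {   # hash_acl ADMIN_DN
    cat <<EOF
access to attrs=sambaLMPassword,sambaNTPassword
        by dn="$1" write
        by * none
EOF
}

# Return 0 if FILE has an "include" line for the Samba schema.
has_samba_schema() {   # has_samba_schema FILE
    grep -Eq "^[[:space:]]*include[[:space:]]+$SAMBA_SCHEMA" "$1"
}

# Return 0 if FILE has an "access to" clause naming sambaNTPassword that contains
# "by * none" and that appears before the first "access to *" clause.
hashes_protected() {   # hashes_protected FILE
    awk '
        /^[[:space:]]*access[[:space:]]+to[[:space:]]/ {
            n++
            if ($0 ~ /sambaNTPassword/) rule = n
            if (!all && $0 ~ /to[[:space:]]+\*/) all = n
        }
        rule && n == rule && /by[[:space:]]+\*[[:space:]]+none/ { denied = 1 }
        END { exit (denied && (!all || rule < all)) ? 0 : 1 }
    ' "$1"
}

# Run both checks on FILE and report what is missing; returns 0 only if both pass.
check_slapd_conf() {   # check_slapd_conf FILE
    rc=0
    has_samba_schema "$1" || { echo "$1: samba.schema is not included"; rc=1; }
    hashes_protected "$1" || { echo "$1: sambaNTPassword is readable by other users"; rc=1; }
    return $rc
}

# Constructed sample (Debian-style defaults plus the include from step 8) so the
# script runs offline. On the server, run: check_slapd_conf /etc/ldap/slapd.conf
sample=$(mktemp)
cat >"$sample" <<EOF
include $SAMBA_SCHEMA
access to attrs=userPassword,shadowLastChange
        by dn="$ADMIN_DN" write
        by anonymous auth
        by self write
        by * none
access to *
        by dn="$ADMIN_DN" write
        by * read
EOF
if check_slapd_conf "$sample"; then
    echo "ok"
else
    echo "add this before the 'access to *' clause:"
    hash_acl "$ADMIN_DN"
fi
rm -f "$sample"
```

Run it against /etc/ldap/slapd.conf after step 8 and again after adding the ACL; the ordering check matters because an ACL placed after "access to *" is never reached.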

11

Open Firefox (or any web browser) and enter the following in the address bar:

https://mycomputer/phpldapadmin/

Replace "mycomputer" with the name or address of your server, and accept the self-signed certificate warning from step 3. This is the administration interface for adding and removing users and computers on your network.

12

Log in as the directory administrator. The login DN is "cn=admin" followed by the base DN created when slapd was installed, for example cn=admin,dc=mydomain,dc=com, and the password is the one entered at that time. Don't include the quotes.

13

Click the plus sign to expand the root node, then click "Create new entry here." Click "OU," followed by "Proceed."

14

Enter "users" as the name of the OU, then click "Create object." Repeat steps 13 and 14 to create two more OUs called "groups" and "machines." Don't include the quotes or full stops in the OU names. These three containers are the ones smb.conf will point at in step 19.
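The same three containers can be created from the terminal instead of the web interface, which is handy when scripting a rebuild. This is an added example, not part of the original article; the base DN and admin DN are assumptions to be replaced with the values chosen when slapd was installed, and the only part that runs offline is the LDIF preview.

```shell
#!/bin/sh
# Added example (not from the original article): create the users/groups/machines
# OUs with the OpenLDAP command-line tools instead of phpLDAPadmin.
BASE_DN="dc=mydomain,dc=com"        # assumed; must equal "ldap suffix" in smb.conf
ADMIN_DN="cn=admin,${BASE_DN}"      # assumed; Debian's slapd creates this entry

# Emit an LDIF document with one organizationalUnit entry per name given.
# Usage: ou_ldif BASE_DN users groups machines
ou_ldif() {
    base="$1"; shift
    for ou in "$@"; do
        printf 'dn: ou=%s,%s\nobjectClass: organizationalUnit\nou: %s\n\n' "$ou" "$base" "$ou"
    done
}

# Load the OUs. -x is a simple bind; -W prompts for the admin password so it never
# appears in the shell history or the process list (avoid -w PASSWORD for that reason).
load_ous() {
    ou_ldif "$BASE_DN" users groups machines |
        ldapadd -x -H ldap://127.0.0.1 -D "$ADMIN_DN" -W
}

# Confirm the containers exist: list the DNs one level below the base.
verify_ous() {
    ldapsearch -x -H ldap://127.0.0.1 -b "$BASE_DN" -s one \
        '(objectClass=organizationalUnit)' dn | grep '^dn:'
}

# Preview the LDIF that would be loaded (runs offline). On the domain controller,
# follow it with: load_ous && verify_ous
ou_ldif "$BASE_DN" users groups machines
```

ldapadd refuses to recreate an entry that already exists, so running load_ous twice reports "Already exists" for each OU rather than duplicating anything.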

15

Close Firefox, or your preferred browser, and return to the terminal window.

16

Type the following command, then press "Enter" to open the Samba configuration file:

emacs /etc/samba/smb.conf

You can change "emacs" to a different text editor if you prefer.

17

Press the "Ctrl" and "s" keys to bring up the search function.

18

Type "passdb backend" to jump to the password database line; on a fresh Debian install it reads "passdb backend = tdbsam". Don't include the quotes in the search. Then press "Enter" to return to editing mode.

19

Replace the "passdb" line you found with the following nine lines, pressing "Enter" after each:

passdb backend = ldapsam:ldap://127.0.0.1

ldap suffix = dc=mydomain,dc=com

ldap machine suffix = ou=machines

ldap user suffix = ou=users

ldap group suffix = ou=groups

ldap admin dn = cn=admin,dc=mydomain,dc=com

ldap delete dn = no

domain logons = yes

enable privileges = yes

Replace "mydomain" and "com" with the components of the base DN chosen when slapd was installed, so that "ldap suffix" and "ldap admin dn" match the directory exactly. The three ou= suffixes are relative to "ldap suffix" and name the containers created in step 14. "passdb backend" points Samba at the LDAP server over plain ldap:// on the loopback address, which is acceptable only because both run on the same machine. "domain logons = yes" is what makes this server a domain controller, and the domain name Windows clients will join is the existing "workgroup" parameter in this file.

20

Press "Ctrl" and "x", release the keys, then press "Ctrl" and "c". Press "y" to save the file before exiting.

21

Type the following command, then press "Enter" to give Samba the LDAP administrator password and restart the service:

smbpasswd -w password && /etc/init.d/samba restart

Replace "password" with the password of the "ldap admin dn" account, the one chosen when slapd was installed. This does not create a new password; it stores the existing one in Samba's secrets.tdb so that Samba can bind to the directory and write accounts. Because the password is given on the command line it ends up in your shell history, so remove that entry afterwards, and keep the password somewhere safe, since it is needed for later changes. The domain controller is now configured. Add users to the domain with phpLDAPadmin, and point the Windows client machines at this server as you would at a Windows NT-style domain controller.
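Before joining clients, it is worth checking that the nine smb.conf lines agree with each other and that the file holding the LDAP admin password is not world-readable. The script below is an added example, not part of the original article; the secrets.tdb path is an assumption (Samba keeps it in its "private dir", which is /var/lib/samba on Debian's Samba 3 packages), and the sample smb.conf is constructed from the lines in step 19.

```shell
#!/bin/sh
# Added example (not from the original article): sanity-check the ldapsam settings
# in smb.conf and the permissions of the file where "smbpasswd -w" stored the
# LDAP admin password. Paths are Debian defaults; SECRETS is an assumption.
SECRETS="/var/lib/samba/secrets.tdb"   # assumed location of Samba's secrets.tdb

# Print the value of a global parameter from FILE (first occurrence, trailing blanks trimmed).
smb_param() {   # smb_param FILE 'parameter name'
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1 | sed 's/[[:space:]]*$//'
}

# Return 0 when the ldapsam settings are consistent with each other:
#  - passdb backend is ldapsam,
#  - the user/group/machine suffixes are relative (Samba appends "ldap suffix"),
#  - "ldap admin dn" lies under the suffix (a wrong DN binds fine but every write fails).
check_smb_ldap() {   # check_smb_ldap FILE
    f="$1"; rc=0
    backend=$(smb_param "$f" 'passdb backend')
    suffix=$(smb_param "$f" 'ldap suffix')
    admin=$(smb_param "$f" 'ldap admin dn')
    case "$backend" in
        ldapsam:*) ;;
        *) echo "passdb backend is '$backend', expected ldapsam:ldap://..."; rc=1 ;;
    esac
    [ -n "$suffix" ] || { echo "ldap suffix is missing"; rc=1; }
    for p in 'ldap user suffix' 'ldap group suffix' 'ldap machine suffix'; do
        v=$(smb_param "$f" "$p")
        case "$v" in
            '')    echo "$p is missing"; rc=1 ;;
            *dc=*) echo "$p '$v' must be relative to ldap suffix, e.g. ou=users"; rc=1 ;;
        esac
    done
    case "$admin" in
        *",$suffix") ;;
        *) echo "ldap admin dn '$admin' is not under '$suffix'"; rc=1 ;;
    esac
    return $rc
}

# Return 0 when FILE exists and is readable by neither group nor others. secrets.tdb
# holds the LDAP admin password in clear; anyone who can read it can rewrite the directory.
secrets_private() {   # secrets_private FILE
    [ -f "$1" ] || { echo "$1: not found (run smbpasswd -w first)"; return 1; }
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] || { echo "$1: readable by group/other"; return 1; }
}

# Constructed sample mirroring the nine lines from step 19, so the check runs offline.
sample=$(mktemp)
cat >"$sample" <<'EOF'
[global]
   workgroup = MYDOMAIN
   passdb backend = ldapsam:ldap://127.0.0.1
   ldap suffix = dc=mydomain,dc=com
   ldap machine suffix = ou=machines
   ldap user suffix = ou=users
   ldap group suffix = ou=groups
   ldap admin dn = cn=admin,dc=mydomain,dc=com
   ldap delete dn = no
   domain logons = yes
   enable privileges = yes
EOF
if check_smb_ldap "$sample"; then echo "smb.conf ldapsam settings look consistent"; fi
rm -f "$sample"
# On the server: check_smb_ldap /etc/samba/smb.conf && secrets_private "$SECRETS"
```

On the domain controller itself, "testparm" validates the whole smb.conf syntax, and "net getlocalsid" is a quick end-to-end test of the LDAP bind: it only succeeds once Samba can reach the directory with the stored admin password.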